View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0004123Slicer4Core: Base Codepublic2016-01-10 14:192016-10-13 01:25
Reporterjcfr Assigned Tojcfr  
PriorityhighSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Product VersionSlicer 4.5.0-1 
Target VersionSlicer 4.6.0Fixed in VersionSlicer 4.6.0 
Summary0004123: Slicer.exe (AppLauncher) detected as a malware [PDM:Trojan.Win32.Bazon.a] by Kaspersky
Description

Installing the latest "stable" version of Slicer v4.5.0-1 on Windows 10 is not possible because Kaspersky antivirus flagged it as malware

// ------------------
?05.01.2016 12.34.48 Detected object (process memory) was deleted. c:\program files\slicer 4.5.0-1\slicer.exe Process memory: c:\program files\slicer 4.5.0-1\slicer.exe Object name: PDM:Trojan.Win32.Bazon.a Object type: Other malware Time: 05/01/2016 12:34
// ------------------

For references:

The applauncher is pre-built executable, the source code is available here:

https://github.com/commontk/AppLauncher

It is simple and small program allowing to preload all shared libraries and also set the environment of any executable.

It is built against statically built Qt libraries.

AppLauncher binaries can be downloaded from here:

For 4.5.0-1 build of Slicer (launcher pre-built against Qt 4.7.4): http://packages.kitware.com/item/6113

For nightly build of Slicer (launcher pre-built against Qt 4.8.6): http://packages.kitware.com/item/7565

TagsNo tags attached.

Relationships

related to 0004124 closedjcfr Slicer.exe (AppLauncher) detected as a malware [Hoax.Win32.ArchSMS.cnpls] by Microsoft 

Activities

jcfr

jcfr

2016-01-10 18:11

administrator   ~0013713

To follow up on this, incriminated files have been submitted to https://virusdesk.kaspersky.com/

Associated tracking numbers are:

  • KLAN-3577826089: CTKAppLauncherW.exe (built against Qt 4.7.4), used in windows installers. (Slicer 4.4.0, Slicer 4.5.0-1 and Nightly prior r24838 of Jan 7, 2016)

  • KLAN-3577827621: CTKAppLauncher.exe (built against Qt 4.7.4), used in windows build tree. (Slicer 4.4.0, Slicer 4.5.0-1 and Nightly prior r24838 of Jan 7, 2016)

  • KLAN-3577826505: CTKAppLauncher-Qt486.exe, used in Slicer nightly build tree. (as of r24838 of Jan 7, 2016)

  • KLAN-3577827621: CTKAppLauncherW-Qt486.exe, used in Slicer Nightly installers (as of r24838 of Jan 7, 2016)
jcfr

jcfr

2016-01-12 12:40

administrator   ~0013715

Here is the case number following my last email to "newvirus [at] kaspersky [dot] com":

Re: 3D Slicer wrongly detected as a malware [PDM:Trojan.Win32.Bazon.a] by Kaspersky [KLAN-3603558921]
jcfr

jcfr

2016-01-14 18:03

administrator   ~0013723

After uploading different packages of the launcher to virustotal.com, here is the report:
jcfr

jcfr

2016-01-15 04:43

administrator   ~0013725

Contact points kindly provided by VirusTotal team:

AegisLab - http://www.aegislab.com/Support/

Agnitum - http://www.agnitum.com/support/contact.php

Ahnlab - http://global.ahnlab.com/en/site/support/virusreport/virusReport.do

Antiy - Submit false positive to submit@antiy.com.

Antivir - cleanset@avira.com, virus_malware@avira.com, virus@avira.com

AVG - files http://samplesubmit.avg.com/us-en/false-detection
URLs http://www.avgthreatlabs.com/website-safety-reports/

Avira - http://analysis.avira.com/samples/index.php

Avast - virus@avast.com

Baidu - bav@baidu.com

BitDefender

Bkav - bkav@bkav.com

Blueliv - support@blueliv.com

ByteHero - Submit false positive to support@bytehero.com.

ClamWin - http://www.clamav.net/lang/en/sendvirus/submit-fp/

comodo - malwaresubmit@avlab.comodo.com

Commtouch - viruslab@f-prot.com or virus@authentium.com

DrWeb
https://vms.drweb.com/online/?lng=en

Emsisoft - Create a new thread and submit file in this forum.

ESET - http://support.eset.com/kb141/

F-prot - http://www.f-prot.com/virusinfo/false_positive_form.html

F-secure - https://analysis.f-secure.com/portal/login.html

Filseclab - Submit false positive to fp@filseclab.com.

Fortinet

G Data

Hauri - http://www.hauri.net/support/virus_report.html

Ikarus - Submit false positive to false-positive@ikarus.at.

Jiangmin - Submit false positive to support@jiangmin.com, shaojia@jiangmin.com

K7 - Submit false positive to support@k7computing.com.

Kaspersky Lab - http://support.kaspersky.com/virlab/helpdesk.html

Kingsoft - operation@cmcm.com

Lavasoft - http://www.lavasoft.com/support/securitycenter/report_false_positives.php

McAfee-Gateway - http://www.mcafee.com/us/mcafee-labs/resources/how-to-submit-sample.aspx or virus_research@mcafee.com

Microsoft - https://www.microsoft.com/security/portal/Submission/Submit.aspx

NANO - http://www.nanoav.ru/index.php?option=com_content&view=article&id=15&Itemid=53

Netcraft URL http://toolbar.netcraft.com/site_report

Norman - Submit false positive to http://www.norman.com/business/support/support_tools/potential_false_postive_virus_alarm

nProtect - Submit false positive to support@nprotect.com.

Quickheal - http://www.quickheal.com/submitticket

Qihoo 360
http://www.360safe.com/
kefu@360.cn

Rising
longyu@rising.com.cn

Sophos - https://secure2.sophos.com/en-us/support/contact-support/sample-submission.aspx

SUPERAntiSpyware - Create a new thread and submit file in this forum.

Symantec - https://submit.symantec.com/false_positive/

Tencent
http://tencent.com/en-us/cs/service.shtml
TAVfp@tencent.com

The Hacke - virus@hacksoft.com.pe, falsopositivo@hacksoft.com.pe

ThreatTrack - http://www.threattracksecurity.com/resources/submissions.aspx

TotalDefense - Submit false positive to totaldefense@iyogi.net.

TrendMicro - http://www.trendmicro.com/us/about-us/detection-reevaluation/index.html

TrendMicroHouseCall - http://esupport.trendmicro.com/solution/en-us/1037634.aspx

VirIT - http://www.tgsoft.it/italy/file_sospetti.asp

VirusBlokAda - http://www.anti-virus.by/check/

**Websense http://csi.websense.com/

Zillya! - http://zillya.com/node/30

Zoner - http://www.zonerantivirus.cz/zaslani-vzorku-k-overeni
jcfr

jcfr

2016-01-15 04:45

administrator   ~0013726

And here is the exact list of positive detections associated with Slicer 4.5.0-1 release: https://gist.github.com/jcfr/b9c7a516d0e104c0408e
jcfr

jcfr

2016-01-25 09:10

administrator   ~0013744

Fixed in r24838 where a new launched built against Qt 4.8.6 has been integrated.
See http://viewvc.slicer.org/viewvc.cgi/Slicer4?view=revision&revision=24838

Issue History

Date Modified Username Field Change
2016-01-10 14:19 jcfr New Issue
2016-01-10 14:19 jcfr Status new => assigned
2016-01-10 14:19 jcfr Assigned To => jcfr
2016-01-10 14:21 jcfr Product Version => Slicer 4.5.1
2016-01-10 14:21 jcfr Target Version Slicer 4.5.1 => Slicer 4.6.0
2016-01-10 14:23 jcfr Relationship added related to 0004124
2016-01-10 14:33 jcfr Description Updated View Revisions
2016-01-10 15:29 jcfr Description Updated View Revisions
2016-01-10 15:30 jcfr Description Updated View Revisions
2016-01-10 18:11 jcfr Note Added: 0013713
2016-01-12 12:30 jcfr Summary Slicer.exe (AppLauncher) detected as a malware [PDM:Trojan.Win32.Bazon.a] by Kapsersky => Slicer.exe (AppLauncher) detected as a malware [PDM:Trojan.Win32.Bazon.a] by Kaspersky
2016-01-12 12:40 jcfr Note Added: 0013715
2016-01-14 18:03 jcfr Note Added: 0013723
2016-01-15 04:43 jcfr Note Added: 0013725
2016-01-15 04:45 jcfr Note Added: 0013726
2016-01-25 09:10 jcfr Note Added: 0013744
2016-01-25 09:10 jcfr Status assigned => resolved
2016-01-25 09:10 jcfr Fixed in Version => Slicer 4.6.0
2016-01-25 09:10 jcfr Resolution open => fixed
2016-01-26 16:29 jcfr Status resolved => closed
2016-10-13 01:25 jcfr Product Version Slicer 4.5.1 => Slicer 4.5.0-1